Introduction
You may be troubleshooting issues regarding access to a port from remote servers or networks and need to confirm if packets reach the server. In this example, we are troubleshooting a port typically used in the passive port range configured for the FTP server on a cPanel server.
Procedure
On the cPanel server access an ssh shell as root and in a screen session or in that shell execute the ncat command to listen on port 49199.
nc -lv 49199
Then in another shell or screen session run tcpdump. If not installed tcpdump can be installed via yum with
yum install tcpdump
This is what would be run on the server if the network interface is enp35s0.
tcpdump -i enp35s0 -nn port 49199
That will wait for packets via port 49199.
Next on a remote server use ncat and attempt to connect. For example, if the server you're troubleshooting has IP 10.10.11.11
nc -w 5 10.10.11.11 49199
If you get a timeout or connection refused then check the tcpdump session started on 10.10.11.11.
If you see no activity and when you ctl+c to break away from the tcpdump command you see
0 packets captured
0 packets received by filter
0 packets dropped by kernel
Then no packets reached the server and there is an external firewall that is filtering those ports. That would need to be addressed by your server/service provider support or by the network/data center support team. This may also require obtaining assistance from a qualified server administrator as this isn't something performed by cPanel as a software company.